1. Declare The Command Object
Sy: ClassName ObjectName;
Ex: SqlCommand Cmd;
2. Define Command Object
Sy: ObjectName = new ClassName("Parameterized Query", ConnectionObject);
Ex: Cmd = new SqlCommand("Delete from EmpDetails where EmpId=@PEmpId", Con);
3. Mention Command Type
Sy: ObjectName.CommandType = CommandType.Value;
Ex: Cmd.CommandType = CommandType.Text;
4. Pass the values to the parameters using the Command object
Sy: Cmd.Parameters.AddWithValue("Parameter Name", value to be stored in the parameter);
Ex: Cmd.Parameters.AddWithValue("@PEmpId", txtEmpId.Text);
5. Open the Connection
Sy: ConnectionObjectName.Open();
Ex: Con.Open();
6. Execute The Command Object
Sy: ObjectName.ExecutionMethod();
Ex: Cmd.ExecuteNonQuery();
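Steps 1 to 6 put together, as an added example that is not code from the original post. It assumes EmpId is an INT column and uses the hypothetical names EmpRepository, BuildDelete and Delete; the inputs in Main are constructed, and Main itself needs no database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class EmpRepository   // hypothetical class name
{
    const string DeleteSql = "DELETE FROM EmpDetails WHERE EmpId = @PEmpId";

    // Steps 1-4: declare and define the command, set its type, bind the parameter.
    public static SqlCommand BuildDelete(string rawEmpId)
    {
        // Assumption: EmpId is an INT column, so anything non-numeric is rejected early.
        if (!int.TryParse(rawEmpId, out int empId))
            throw new ArgumentException("EmpId must be an integer.", nameof(rawEmpId));

        var cmd = new SqlCommand(DeleteSql) { CommandType = CommandType.Text };
        // An explicit SqlDbType replaces AddWithValue's type inference from the .NET value.
        cmd.Parameters.Add("@PEmpId", SqlDbType.Int).Value = empId;
        return cmd;
    }

    // Steps 5-6: open the connection and execute; 'using' disposes both objects on any exit.
    public static int Delete(string connectionString, string rawEmpId)
    {
        using (var con = new SqlConnection(connectionString))
        using (var cmd = BuildDelete(rawEmpId))
        {
            cmd.Connection = con;
            con.Open();
            return cmd.ExecuteNonQuery();   // number of rows deleted
        }
    }

    static void Main()
    {
        // Constructed sample inputs: one valid id, one carrying extra SQL text.
        foreach (var input in new[] { "42", "42 OR 1=1" })
        {
            // String concatenation (what the parameter replaces): input becomes statement text.
            Console.WriteLine("concat: DELETE FROM EmpDetails WHERE EmpId = " + input);
            try
            {
                using (var cmd = BuildDelete(input))
                    Console.WriteLine("param : " + cmd.CommandText +
                                      "  [@PEmpId=" + cmd.Parameters["@PEmpId"].Value + "]");
            }
            catch (ArgumentException ex) { Console.WriteLine("param : rejected, " + ex.Message); }
        }
    }
}
```

The statement text printed for the parameterized command is identical for every input; only the bound value changes, which is why the input cannot alter the query's structure.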
Advantages of using a Parameterized Query:
[1] With a parameterized query, once the query is executed its results/plans are cached in the database temporarily.
[2] Execution is fast because execution plans are cached.
[3] SQL injection attacks are not possible (or are less likely).
Disadvantages of the Non-Parameterized Query Method:
[1] Not flexible to use, because the query has to be changed from database to database.